authorsalo <salo>2004-09-07 22:14:09 +0000
committersalo <salo>2004-09-07 22:14:09 +0000
commita7eab3aea3b215b98407bb0c2a91a5575da21527 (patch)
tree5aa40d0538a652dadb25db85efc7556e7f4d446e /audio/mpg123/patches
parent9a3f7412c2f1222061fbd87dbb27498fce0bac85 (diff)
PKGREVISION++
- fix a buffer overflow: "A malicious formatted mp3/2 causes mpg123 to fail header checks, this may allow arbitrary code to be executed with the privilege of the user trying to play the mp3." - patch from Debian but retain code style.
Diffstat (limited to 'audio/mpg123/patches')
-rw-r--r--audio/mpg123/patches/patch-ar19
1 files changed, 19 insertions, 0 deletions
diff --git a/audio/mpg123/patches/patch-ar b/audio/mpg123/patches/patch-ar
new file mode 100644
index 00000000000..0e8d87d8d0a
--- /dev/null
+++ b/audio/mpg123/patches/patch-ar
@@ -0,0 +1,19 @@
+$NetBSD: patch-ar,v 1.1 2004/09/07 22:14:09 salo Exp $
+
+CVE: CAN-2004-0805
+
+--- layer2.c.orig 1999-02-10 13:13:06.000000000 +0100
++++ layer2.c 2004-09-08 00:00:06.000000000 +0200
+@@ -265,6 +265,12 @@
+ fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ?
+ (fr->mode_ext<<2)+4 : fr->II_sblimit;
+
++ if (fr->jsbound > fr->II_sblimit)
++ {
++ fprintf(stderr, "Truncating stereo boundary to sideband limit.\n");
++ fr->jsbound=fr->II_sblimit;
++ }
++
+ if(stereo == 1 || single == 3)
+ single = 0;
+
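Review bot: The added clamp at `if (fr->jsbound > fr->II_sblimit)` has no comment saying why it exists, and its message calls `II_sblimit` a "sideband" limit where the field name suggests a subband limit. `jsbound` is computed from `fr->mode_ext` on the lines just above, and that value presumably comes straight from the frame header, so I would put `/* mode_ext is header-controlled: keep jsbound within II_sblimit (CAN-2004-0805) */` above the check. The `fprintf` runs every time the check fires and names neither the file nor the position, so a crafted stream can fill stderr with identical lines; reporting it once per stream would be enough for diagnosis. The enclosing function in layer2.c starts and ends outside the embedded hunk, so it cannot be confirmed from here whether `II_sblimit` is itself bounded against the array sizes indexed later.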